Spinnaker
Products
1- 7 CVEs
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-25534 | Cri | 0.52 | 9.1 | 0.00 | Mar 17, 2026 | ### Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE (CVE-2025-61916)… | ||
| CVE-2026-44795 | hig | 0.45 | — | — | Jun 22, 2026 | ### Impact There's an unsafe YAML processing vulnerability that bypasses safe deserialization. This impacts users when when performing: * CloudFormation deployments * CloudFoundry Baking The usage of a non-safe constructor use allows arbitrary loading of Java classes leading to… | ||
| CVE-2025-61916 | 0.00 | — | 0.00 | Jan 5, 2026 | Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into… | |||
| CVE-2023-39348 | 0.00 | — | 0.00 | Aug 28, 2023 | Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output… | |||
| CVE-2022-23506 | 0.00 | — | 0.01 | Jan 3, 2023 | Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This… | |||
| CVE-2021-43832 | 0.00 | — | 0.03 | Jan 4, 2022 | Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creation & execution. This lets an arbitrary user with access to the gate endpoint to create a pipeline and execute it without authentication. If users… | |||
| CVE-2021-39143 | 0.00 | — | 0.00 | Jan 4, 2022 | Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment… |
- risk 0.52cvss 9.1epss 0.00
### Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE (CVE-2025-61916)…
- risk 0.45cvss —epss —
### Impact There's an unsafe YAML processing vulnerability that bypasses safe deserialization. This impacts users when when performing: * CloudFormation deployments * CloudFoundry Baking The usage of a non-safe constructor use allows arbitrary loading of Java classes leading to…
- CVE-2025-61916Jan 5, 2026risk 0.00cvss —epss 0.00
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into…
- CVE-2023-39348Aug 28, 2023risk 0.00cvss —epss 0.00
Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output…
- CVE-2022-23506Jan 3, 2023risk 0.00cvss —epss 0.01
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This…
- CVE-2021-43832Jan 4, 2022risk 0.00cvss —epss 0.03
Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creation & execution. This lets an arbitrary user with access to the gate endpoint to create a pipeline and execute it without authentication. If users…
- CVE-2021-39143Jan 4, 2022risk 0.00cvss —epss 0.00
Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment…